Summary of report on the Netherlands Counterterrorism (CT) Infobox, a joint operation of Dutch govt organizations

Posted on by mrkoot

Logo of CT Infobox

[click image to enlarge]

In March 2015, the Research and Documentation Centre (WODC) of the Dutch Ministry of Security & Justice published a report (.pdf, in Dutch) on the Netherlands Counterterrorism Information Box, aka “CT Infobox”. The CT Infobox was established following the terrorist attacks in Madrid (2004), and serves as a platform for exchange of data about persons that are, from the perspective of terrorism, a potential risk to the Dutch society. Its purpose is “to improve the official information position in respect of persons posing a potential terrorist or radical threat to Dutch society, and to enable appropriate action to be taken against them”.

It is centered at the Dutch General Intelligence & Security Service (AIVD), and is a joint operation of various Dutch government organizations:

  • the General Intelligence & Security Service (AIVD)
  • the Military Intelligence & Security Service (MIVD)
  • the Fiscal Information and Investigation Service (FIOD-ECD; now part of “Inlichtingendienst (ID) Belastingdienst”)
  • the Financial Intelligence Unit Netherlands (FIU Nederland)
  • the Immigration and Naturalization Service (IND)
  • the Netherlands Police Agency (“Landelijke Eenheid” of the National Police)
  • the Royal Netherlands Marechaussee (KMar)
  • the Public Prosecution Service (OM)
  • the National Coordinator for Security & Counterterrorism (NCTV)
  • Inspectorate SZW (“Inspectie SZW”; per January 2012 it merged the former Social Intelligence and Investigation Service (SIOD), Work and Income Inspectorate (IWI) and Labor Inspection (“Arbeidsinspectie”) together)

The Dutch Review Committee on the Intelligence and Security Services (CTIVD) in 2007 published an oversight report (.pdf, in Dutch) about the CT Infobox, as well as the CT Infobox covenant (.pdf, in Dutch) . The oversight report states, among others, that the CT Infobox (then) contained data about 160 persons, and involved ca. 12 fte of AIVD personnel and ca. 10 fte of KLPD personnel. To my knowledge, no recent statistics are available. In February 2015, the AIVD estimated the number of persons who traveled to Syria to be some 150. In a 2014 report by the AIVD about jihad movements in the Netherlands it is stated “a few hundred” supporters and “a few thousand” sympathizers are among the Dutch population. So it shouldn’t be a stretch to expect the CT Infobox to contain data about a few hundred persons. To my knowledge, no numbers are available about other forms of extremism. In the 2007 report, the CTIVD noted that “different from common believe, the CT Infobox is not an entity in which persons are constantly followed and controlled”. And furthermore, that information supplied to the CT Infobox does not leave the CT Infobox — the CT Infobox only provides analyses based on that data to help determine how to handle a person —, and the CT Infobox is not a direct exchange of information between the participating agencies.

The WODC report contains an English summary. Here it is in its entirety (~4700 words):

Summary

CT Infobox 10 years

The Netherlands Counterterrorism Information Box (CT Infobox) was established ten years ago to improve the official information position in respect of persons posing a potential terrorist or radical threat to Dutch society, and to enable appropriate action to be taken against them. Its objective was to facilitate co-operation and the sharing of information about those individuals between government agencies. It was hoped that a better information position would enable more focused selection of those representing a genuine danger, that a broader arsenal of strategies to counter them could be considered and that co-operation and information sharing would result in customised recommendations to CT Infobox participants and third parties on how to deal with them, thus reducing the threat they pose.

With the CT Infobox now ten years old, the need is felt to analyse (i) the original assumptions underlying its organisation and operations, including the extent to which they are supported by empirical evidence, and (ii) how the box functions in practice and how futureproof it is.

Our analysis is based primarily upon interviews, academic literature and policy documents. To investigate the structure of the CT Infobox and the policy logic behind it, we conducted interviews and examined policy documents. Academic literature was then consulted to determine whether there is empirical support for that logic. In making this analysis, we drew a distinction between the functioning of the box at the operational level and its governance. As far as its practical workings are concerned, our principal sources were interviews with box personnel and with members of the Coordinating Board responsible for its oversight. We also spoke with several representatives of organisations involved in counterterrorism at the national level. To supplement the interviews, we studied the confidential annual reports of the CT Infobox itself, reports from the Intelligence and Security Services Regulatory Commission (Commissie van Toezicht betreffende de Inlichtingen- en Veiligheidsdiensten, CTIVD) and a number of other policy documents. Finally, we visited the box on several occasions to observe its work directly.

It has not proven possible to establish empirically whether the risk to Dutch society posed by individuals with terrorist or radical motives has been alleviated by the creation of the CT Infobox. However, we have been able to investigate whether the box has indeed brought about the kind of co-operation between government agencies which was envisaged when it was first set up. In this closing chapter, we summarise the principal findings of our investigation and reflect upon the future of the CT Infobox.

The Counterterrorism Information Box has undergone a series of changes over the past ten years. The number of participating agencies has grown from five to ten, and its working methods have also evolved. But what has remained constant throughout is the basic principle behind it: the CT Infobox provides a space within which official bodies can share information and communicate about certain individuals and jointly devise recommendations on how to deal with them.

The overall picture produced by this investigation is that the intended co-operation and information sharing have indeed been achieved. Participants are satisfied with these aspects of the box’s work, and with the results generated co-operatively. They view the way in which information is shared as unique, and perceive added value in the fact that information can be approached and assessed from a variety of perspectives and knowledge positions. In their opinion, this enables creative thinking about possible actions and generates appropriate recommendations. The members of the Coordinating Board, the body which oversees and directs the box, are also positive about it. They praised it in particular for the speed and efficiency with which it processes data, for its comprehensive assessment of information and for its social return on investment. The members of the Coordinating Board and the box’s own personnel agree that it is an important resource in the fight against terrorism.

To a certain extent, this positive image is surprising. All too often, after all, efforts by government agencies to co-operate and to share information are beset with problems. We therefore feel that it would be useful in this concluding chapter to focus upon how the CT Infobox is organised and to mention those factors which make it work in the way our interviewees say it does. We shall first discuss the form of co-operation within the box and then briefly consider the way in which it is governed. To conclude, we mention a number of dilemmas relevant to deliberations concerning the future of the CT Infobox.

Co-operation and information sharing between government agencies

From the literature, it is apparent that there are fundamental problems with co-operation and information sharing between government agencies. This is because all have their own tasks and responsibilities, and because partnership arrangements between them often fail to define clear authority relationships. This frequently results in tensions arising between their own interests – maintaining their own autonomy and identity, and achieving their own objectives – and the common interest which gave rise to the partnership. The less the partners are able to account for the benefits of the arrangement to their own organisation, the more their own identities come under threat and the more problematic the partnership becomes. The academic literature highlights a number of factors which appear to determine the extent to which chain partners are able to forge co-operative relationships.

  • The dominance of the chain problem.
  • How the partnership is organised.
  • The underlying legal principles, namely:
    • proportionality, subsidiarity and purpose limitation; and
    • the legal basis.
  • People and resources, especially in terms of:
    • mutual trust; and,
    • data management and the communications system.

In this chapter we look at how the CT Infobox approaches these factors in principle and in practice.

The CT Infobox approach

Dominance of the chain problem

The literature reveals that the dominance of the problem behind a partnership is an important factor in facilitating chain co-operation. In the case of the CT Infobox, certainly, it seems that co-operation between the parties involved is encouraged by the significance all of them attach to countering terrorism. The participants are unanimous in agreeing that this is a key public policy objective, and all are prepared to make their contribution towards that “higher goal” – even if doing so comes at a price and generates little direct return for the organisation. Members of the Coordinating Board state that they have no problem in finding support for CT Infobox participation within their own organisation or in securing the necessary investment in terms of time and capacity. In this respect, it helps that the arrangement has in practice turned out as originally envisaged at the time the box was established. This fact appears to have a self-reinforcing effect.

Organisation of the partnership

According to the specialist literature, organisations compelled to work together and so to share information are often reticent in that respect because they do not know what the other parties are going to do with their material. Moreover, such collaborations are often dogged by problems related to autonomy, authority relationships, task allocations and responsibilities.

In the case of the CT Infobox, these issues are largely overcome by the way in which the box itself is organised. Information is shared only with its own personnel, who do not pass it on or carry out any operational activities themselves. Within the “box”, material provided by the various participating organisations is combined and assessed from a multidisciplinary perspective. Participants or third parties then receive recommendations based upon that assessment. For example, they may be advised to share particular information with another party (“disclosure advice”), to adopt a particular course of action in respect of a given individual (“awareness advice”) or to initiate a personal targeting operation (in advice to the National Co-ordinator for Counterterrorism and Security). It is up to the recipients themselves to decide whether or not to act upon such advice.

In other words, the CT Infobox operates according to the so-called “closed box” principle. Co-operation is intensive when it comes to information, communication, assessment and advice, but the ultimate response to the recommendations emanating from the box is left up to the individual organisations receiving them. That is neither a task nor a responsibility of the CT Infobox itself. The great advantage of this approach is that the participating agencies retain their autonomy of action, in terms of both whether to act and when. Other parties need only be notified of their activities. At the level of specific actions directly against particular individuals, all that is required is good co-ordination – that is, an effective communications structure. There is no need for any more far-reaching forms of co-operation. Effectively, then, the sharing of information and the action taken in response to it have been completely separated. Because of this, the CT Infobox is virtually free of problems related to co-operation at the level of tasks, responsibilities and authority relationships.

One potential disadvantage of this form of organisation, however, is the possibility that CT Infobox recommendations are not taken seriously or are ignored altogether. Although the way in which they are followed up is monitored, the box has no influence over what is done with them. Nonetheless, our interviewees are not under the impression that their recommendations count for nothing. If they are not taken up, there is usually a good reason and it is up to the box to consider possible alternative approaches.

Underlying legal principles

The academic literature includes lengthy discussions centering on the fact that the information exchanged within chains often includes sensitive personal material and so raises issues of privacy. Consequently, there are a number of important legal factors to be considered when establishing co-operative arrangements of this kind: the extent to which the parties involved concur regarding the purposes for which the information is being shared, how they perceive the proportionality and subsidiarity of this activity and the legal guarantees surrounding it.

Proportionality, subsidiarity and purpose limitation

Our interviewees regard the sharing of sensitive personal information within the context of the CT Infobox as proportional, since this is done to combat terrorism and they see that as an overriding social objective. In addition, all agree that sharing material of this kind should only be done in pursuit of such an overriding objective and so should be protected by adequate legal and organisational safeguards.

Within the CT Infobox, attention is paid to the fact that sharing information about individuals must remain within the bounds of proportionality and subsidiarity. In accordance with these principles, the box only collects material about persons notified to it as posing a potential risk and who also meet its own “placement criteria”.

In practice, this means that there must be indications that the subject is involved in terrorism and so represents a potential danger to the Dutch constitutional legal order. If that is indeed the case, the interviewees deem that sharing information about that person complies with the principles of proportionality and subsidiarity. If not, then in principle they are not “hauled through” the CT Infobox process. Moreover, in theory there are regular reviews intended specifically to “delist” subjects. Although these are less of a priority in busy periods, even then they still are carried out from time to time.

Legal basis of the CT Infobox

It is legally permissible for sensitive personal information to be shared within the CT Infobox because, for statutory purposes, it forms part of the General Intelligence and Security Service (Algemene Inlichtingen- en Veiligheidsdienst, AIVD) and so is governed by the Intelligence and Security Services Act (Wet op de inlichtingen- en veiligheidsdiensten, Wiv). People from other organisations who carry out work for the CT Infobox have undergone the same security screenings and are subject to the same confidentiality requirements as AIVD personnel. And, as mentioned earlier, there is the so-called “closed box” principle. Government agencies pool their information inside the CT Infobox, but none of that material leaves it: “What’s in the box stays in the box”. It is thus no more than a space within which information can be shared and communicated about. The only things to leave it are recommendations, and the recipients can choose whether or not to act upon that advice. Under this arrangement, staff seconded to the box do not share any of the information they encounter during the course of their work with anyone outside it, including other employees of their own organisation. Not even their own line manager or representatives on the CT Infobox’s Coordinating Board. This form of organisation makes it legally possible to share information held by different government agencies about particular individuals.

There has been some discussion in the Coordinating Board about the legal status of the CT Infobox, with reference to the fact that criminal investigation and intelligence information can only be shared when absolutely necessary for national security. In the panel’s view, all the activities currently undertaken within the “box” do fall within that definition in terms of necessity and purpose limitation. Were its remit to be extended in the future, however, to include broader analyses not focusing solely upon individual subjects, then some members of the panel believe that such activities would have to be specifically defined as one of its objectives. And in that case it would be helpful if the CT Infobox had an explicit legal basis. But because this kind of information may not be shared under normal circumstances, others feel that creating a separate legal basis would be going too far.

In 2007 the CTIVD did recommend that the CT Infobox be afforded a legal status of its own under the Wiv. Its main reason for doing so was “frictions in the co-operation” at management level, which were apparent at that time. A specific legal basis would confirm the equal status of the participants and clarify their roles and positions. From our interviews, however, it is apparent that those past frictions have now all but disappeared.

Nonetheless, some people still consider the fact that not all CT Infobox personnel formally enjoy so-called “Article 60 status” (designation to undertake work on behalf of the AIVD) reason enough to amend the Wiv on this point. Others, by contrast, believe that the current arrangement works fine in practice.

People and resources

When it comes to people and resources, the literature focuses upon technical factors which may facilitate or hinder co-operation and upon individual willingness to collaborate. With regard to the former, the challenge lies in the fact that the different participating organisations all have their own information systems which are configured first and foremost to support their own primary processes rather than the joint activities to be conducted as part of the chain partnership. Introducing a new system often creates a multitude of new problems. According to the literature, the best solution for a chain partnership is an arrangement whereby each participant manages its own data but relevant material is available to all, with communications about that information also possible.

As for encouraging individual willingness to collaborate, several factors play a significant role. Apart from sharing a common goal, these include mutual trust and building social capital. The more people gain confidence in one another, understand each other’s abilities and limitations and appreciate the added value to be derived from the partnership, the more successful it becomes.

Data management and communications system

The CT Infobox does not have a central database. Instead, it has been decided that each participant manages – and so retains control over – its own material. Box personnel have access to more than ninety information systems, although the technical possibilities for automatic searches remain relatively limited. It therefore takes quite a lot of time to search the systems thoroughly.

In principle, personnel can browse through “all the files in the box”. In practice, however, most confine their searches to the systems administered by their own organisations, looking for relevant information about reported individuals. In part this is because of the technical limitations on searches in each others’ systems and in part because they feel “more at home” in their own IT environments. This effectively means that tasks within the “box” are allocated along organisational lines.

When a subject comes under investigation, box personnel tend to look for information about him or her in their own systems. Anything they find is retrieved and added to an in-house system which all can access and update. This assembles data in a comprehensive and structured manner, so that it can be reviewed and assessed coherently.

Once the picture is complete, a risk assessment of the subject is carried out and possible actions to mitigate the threat they pose are communicated. According to our interviewees, the chosen system of communication reveals possible responses which might not have been devised had the underlying information only been viewed from a single perspective. As a result, they claim, it is becoming more likely that a multidisciplinary approach will be chosen and that creative thinking will result in novel forms of intervention being proposed. In that respect, they say, the CT Infobox is still developing rapidly.

Mutual trust

Thanks to all the legal and organisational safeguards surrounding the CT Infobox, there is a high degree of internal mutual trust and personnel do not feel restricted in sharing information. Participants say that they trust one another completely, because everyone has undergone A+ screening and is subject to the same security regime. Communications between box personnel, and their mutual trust, also benefit from the fact that they all work on the same corridor at the AIVD and so can meet in person and, for example, drink coffee together. The atmosphere “inside the box” is good, and its Head’s style of management is also liked. Our interviewees also say that the fact that he comes from the police rather than AIVD emphasises the equality of the partnership.

The members of the Coordinating Board state that their mutual trust has increased greatly in recent years, too. Even outside the context of the CT Infobox, they are more and more likely to be in contact with one another. And for the most part they are highly positive about the atmosphere within the panel itself. The CTIVD review in 2007 found that the AIVD had claimed too prominent a position in the early years, but our interviewees say that that is no longer the case. Overall, they are positive to highly positive about the degree of mutual trust within the panel, about the openness of the collaboration and about governance of the CT Infobox.

Moreover, that trust extends beyond the box itself. Although we have not looked at exactly what factors are taken into consideration when referring individuals to the CT Infobox for investigation, it is striking that a large proportion of these subjects are reported by the AIVD and the police. If they believed that the information they hold about such persons might be misused, they would probably be more reticent in disclosing it.

Governance by the Coordinating Board

The literature reveals that the extent to which any governance model is appropriate to a given network is determined by four factors: the number of participants, the degree of consensus concerning its goal, mutual trust and the need for network competencies. If, as in the case of the CT Infobox, there are a lot of participants, a high degree of consensus, substantial mutual trust and a great need of network competencies, then the most suitable model would seem to be a “network administrative organisation”.

To guide the work of the CT Infobox, an independent committee has been formed: the Coordinating Board (Coördinerend Beraad). All the participating organisations appoint one board-level representative to sit on this body. This means that the box can indeed be characterised as a “network administrative organisation” rather than one run in accordance with “shared governance” (all the participants guide the network in equal measure) or “lead organisation” (one partner assumes leadership) principles. Moreover, this arrangement seems to work well in practice. The Coordinating Board confines itself mainly to strategic decisions and policy matters, whilst day-to-day operational management is in the hands of the Head of the CT Infobox. According to some of Coordinating Board members we interviewed, however, this structure does leave something of a gap between the operational and strategic levels. This is no way a criticism of either the chair of the Coordinating Board or the Head of the CT Infobox, both of whom are very highly regarded, but more about the limited fulfilment by the panel of its assigned role as a proactive governing body. In the view of some interviewees, the panel in its current form acts purely as a reactive “supervisory board”. Some would like to see a stronger policy component to its work, arguing that it should be lobbying for a wider remit for the CT Infobox. For example, one that include supporting analyses based upon the information available within the box. Because this issue touches upon the very purpose of the CT Infobox, it is one which has to be discussed within the Coordinating Board.

The future of the CT Infobox

Our interviewees agree that the existence of the CT Infobox is justified, and are positive about its future. All expect it to survive for at least the next decade. They consider it futureproof and believe that ten years from now there will still be a need for the “room to share” which it provides. However, several possible options for its future direction were put forward. These concern its composition, its objectives, its legal status, the role of the Coordinating Board and increasing awareness of its existence. The points discussed with the interviewees are summarised below, in all cases subject to the proviso that these are matters for further discussion. They reflect dilemmas which need to be addressed on a regular basis, because the choices made in these respects are always going to be influenced in part by political and societal developments.

Composition – how many participants?

Strikingly, the majority of our interviewees are satisfied with the current composition of the CT Infobox. In the ten years since it was founded, the number of participants has increased from five to ten. However, there is a dilemma in this respect. At the operational level, it is good to have a large number of organisations represented. But the more of these there are, the more complex that makes the box’s governance. And greater numbers also tend to favour a more conservative approach. Including more participants simply in order to gain access to more sources of information does not appear to be necessary, whilst cutting the number of participants is undesirable from the operational point of view.

To simplify the box’s governance, one idea would be to reduce the size of the Coordinating Board. But that could leave active participants without representation at this level. It is for these reasons that many of the interviewees say that the box’s current composition is “exactly right”.

Objectives – different subjects and analyses?

All the interviewees agree that the public policy objective behind the foundation of the
CT Infobox and the partnership it represents – fighting terrorism – is hugely important. But there is some discussion as to whether its remit should be broadened to include additional subject groups or deepened with more fundamental analyses.

Essentially, the box’s success in combining information has led to calls for more of the same: by collecting more information about more people in the same fashion, other serious threats – from organised crime, for example – could also be tackled better. On the other hand, one of the main reasons why the CT Infobox works so well is that its whole raison d’être – counterterrorism – is regarded as a “greater good” for society as a whole. Were its mission to be extended into other domains, that would give rise to debate about the necessity, proportionality and subsidiarity of sharing information in this way. Some participants would certainly question the legitimacy of doing so for these new purposes. The CT Infobox in its current form works because it targets a very small and specific group. Expansion may cause more problems than it solves.

Effectively, the same applies to analyses. The CT Infobox brings together a lot of information which could be used to produce in-depth analyses. But the more it does this, the more the box drifts away from the original purpose for which it was established. This needs to be taken into account when considering what is possible and desirable.

Interestingly, the Coordinating Board has never discussed this issue in a structured manner. This is reflected in the fact that different members interpret the very word “analyses” in quite different ways, from operational analyses of particular subjects to analyses of broad social trends and phenomena.

As for CT Infobox personnel, they express no particular interest in investigating new subject groups but they do consider the underuse of existing analytical opportunities as a chance missed. What they need more than anything is greater capacity for operational analyses – so that they can investigate subjects in more depth, for example, and conduct tactical analyses. They would also very much like to carry out analyses providing them with an insight into the effects of their recommendations – what works, and under what circumstances – so that they can learn lessons for the future. But there are some personnel who believe that there is added value to be gained from the strategic analysis of trends and developments, too, because they feel that such exercises would help when setting priorities and in designing structural barriers against terrorism. In general, personnel think that greater analytical capacity will make the box more futureproof.

Members of the Coordinating Board talk about analyses in general terms, but in many cases seem to be referring to strategic analyses which could be used in formulating policy. Before deciding whether the CT Infobox should start conducting analyses at some point in the future, then, it is essential to establish exactly what is meant by the term and what the benefits and drawbacks of such an extension of the box’s role might be. The same also applies to expansion to include new subject groups, of course, but at this stage there seems to be less support for that course of action.

Legal status

We have already outlined the previous discussion by the Coordinating Board of the legal status of the CT Infobox. Some believe that it requires an explicit legal basis, others that it is best without one. When considering the box’s future, not only should the need for such a status – as already recommended by the CTIVD – be investigated but also its potential benefits and drawbacks as well as what exactly should or should not be established in law.

Role of the Coordinating Board

As far as the role of the Coordinating Board is concerned, the perceived gap between the operational and strategic governance of the CT Infobox could be filled by ensuring that the panel focus more intensively upon operational issues. Alternatively, it could also operate at greater distance from the box’s day-to-day activities. Both possibilities have their advantages and disadvantages. To make a considered choice in this matter, a variety of options for a revised role for the Coordinating Board should be drawn up so that their respective pros and cons can be weighed up explicitly.

Outside support

To conclude, the future of the CT Infobox will be shaped not only by the degree of support it enjoys among its own personnel and the Coordinating Board, but also to a great extent by its image in the “outside world”. In fact, it can only function properly as long as that world trusts in its work and provides it with sufficient backing. Most of our interviewees expressed no concern about the extent of that support, but some members of the Coordinating Board did note that there should really be broader awareness of the high quality of the products the box delivers and the added value its provides. The CT Infobox operates in an environment in which confidentiality and secrecy play a major role, and so its successes often remain hidden. Despite this, they would find it a good thing if some of the positive feeling which prevails inside the “box” were to be sensed outside it. It is certainly worth considering how this might be achieved. The more openness there is, though, the less of a “closed box” the box becomes. There are conflicting interests at stake, but a balance should be struck between them. Perhaps the “theme days” the CT Infobox organises for its participating agencies could help generate greater openness. As should the picture of its work presented in this report.

EOF